<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" " http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=" http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>新华保险投票系统v1.0</title>
    <link rel="stylesheet" type="text/css" href="css/login.css" />
</head>
<body>
    <div id="wrapper">
        <form action="login.php?action=login" method="post">
            <p id="user"><input id="name" name="name" type="text"/></p>
            <p id="pw"><input id="password" name="password" type="password"/></p>
            <p id="sb"><input id="submit" name="submit" type="submit" value="登陆"/><a id="registration" href="registration.php">注册</a></p>
        </form>
    </div>

    <?php
    require('config.php');
    function clearcookies(){
        setcookie('username','',time()-3600);
        setcookie('islogin','',time()-3600);
        setcookie('permission','',time()-3600);
     }

    function checkuser($account,$password){
        $query_userid = mysql_query("select userId from users where account='$account' and pass='$password'");
        $isuser = mysql_fetch_row($query_userid);
        if($isuser[0]){
            return true;
        }else return false;
    }

    function getpermission($name,$password){
        $query_permission = mysql_query("select permission from users where name='$name' and pass='$password'") or die(mysql_error());
        $permission1 = mysql_fetch_row($query_permission);
        return  $permission1[0];
    }

    
    if(isset($_GET['action']) && $_GET['action']=="login"){
         clearcookies();
         $isuser = checkuser($_POST['name'],$_POST['password']);
         if($isuser){
//                $permission = getpermission($_POST['name'],$_POST['password']);
                $name=$_POST['name'];
                $password=$_POST['password'];
                $query_permission = mysql_query("select permission from users where account='$name'") or die(mysql_error());
                $permission = mysql_fetch_row($query_permission);
                setcookie('username',$_POST['name'],time()+60*60*24*7);
                setcookie('islogin',1,time()+60*60*24*7);
                setcookie('permission',$permission[0],time()+60*60*24*7);
                header("Location:index.php");
         }else{
                echo '<script> alert("亲，你的用户名或密码出错了")</script>';
         }
    }else if(isset($_GET['action'])&&$_GET['action']=='logout'){
            clearcookies();
    }
    mysql_close();
?>
</body>
</html>
